This topic has been archived and is closed to new replies.

vivianeholanda

[Archived] Search result windows open on their own


Here is the log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:44:57, on 27/2/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\hijackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NewShortcut1.lnk = ?

O4 - Global Startup: TMMonitor.lnk = C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250299882803

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D1663BE5-5C66-4342-9B97-4068B7C7E988}: NameServer = 200.165.132.155 200.149.55.142

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\system32\cmpe.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 6780 bytes


Download Malwarebytes from one of the locations below:

Link 1

Link 2

-- Save the program to your Desktop

• Double-click the program to run it.

• Update Malwarebytes.

• Choose the Full Scan (be patient, it takes a while).

• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.

• When the scan is complete, click OK, then Show Results to view the log.

• Remember: if anything is detected, click the Remove button to remove it. (Important.)

• The program's log will open automatically.

• Post it in your next reply together with a new HijackThis log.

P.S.: On heavily infected computers, the tool shows a message saying that the computer must be restarted. Please do so immediately.

• Download: OTL.exe

• Save it to the desktop!

OTLI-scan.png

• As shown in the image, change the "Output" option to "Minimal Output".

• Double-click OTL.exe --> check the "Scan All Users" option.

• Check the boxes:

-- [] LOP check and [] Purity check

• Click runscanbutton.png and wait.

• Post:

 

1) OTL.txt <-- <3>

2) Extra.txt <--


Hello!

Below is everything that was requested.

I thought it was important to mention that while I was waiting for replies on this forum, other windows started opening: the Outlook configuration window. I'm starting to lose my patience with it.

 

--------

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3819

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

3/3/2010 12:54:52

mbam-log-2010-03-03 (12-54-52).txt

 

Tipo de Verificação: Completa (C:\|D:\|E:\|)

Objetos verificados: 210584

Tempo decorrido: 44 minute(s), 53 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

------------

 

OTL logfile created on: 3/3/2010 13:01:30 - Run 1

OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Família\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1.015,00 Mb Total Physical Memory | 393,00 Mb Available Physical Memory | 39,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,00 Gb Total Space | 113,45 Gb Free Space | 76,14% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VIVIANE-EEC02E3

Current User Name: Família

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Família\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe (PC Tools)

PRC - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe (PC Tools)

PRC - C:\Arquivos de programas\Spyware Doctor\pctsTray.exe (PC Tools)

PRC - C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)

PRC - C:\Arquivos de programas\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft)

PRC - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)

PRC - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)

PRC - C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)

PRC - C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe (LightComm)

PRC - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Família\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Arquivos de programas\Spyware Doctor\klg.dat (PC Tools)

MOD - C:\Arquivos de programas\Spyware Doctor\smum32.dll (PC Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (cmpe) -- File not found

SRV - (Macromedia Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (MSCamSvc) -- C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (sdCoreService) -- C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe (PC Tools)

SRV - (sdAuxService) -- C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe (PC Tools)

SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (IDT, Inc.)

SRV - (ACDaemon) -- C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)

DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (PxHelp20) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)

DRV - (usbaudio) Driver de áudio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()

DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)

DRV - (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS (Robert Schlabbach)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]

IE - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.br/http://www.bing.com/ [binary data]

IE - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

IE - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\S-1-5-21-1715567821-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: ([2009/12/20 11:19:46 | 000,000,685 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)

O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSTray] C:\Arquivos de programas\Spyware Doctor\pctsTray.exe (PC Tools)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [sysTrayApp] C:\Arquivos de programas\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1715567821-2025429265-682003330-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\NewShortcut1.lnk = C:\Arquivos de programas\USB_video_device\Utility\RemoteTool\BDARemote.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TMMonitor.lnk = C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250299882803 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1715567821-2025429265-682003330-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Família\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Família\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/14 21:54:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{10dc206e-d880-11de-b485-001bb9c31140}\Shell\AutoRun\command - "" = F:\2nuk.com -- File not found

O33 - MountPoints2\{10dc206e-d880-11de-b485-001bb9c31140}\Shell\open\Command - "" = F:\2nuk.com -- File not found

O33 - MountPoints2\{d73cb8dc-d6bd-11de-b46f-001bb9c31140}\Shell\AutoRun\command - "" = driver\usb\usbdrive.EXE

O33 - MountPoints2\{d73cb8dc-d6bd-11de-b46f-001bb9c31140}\Shell\open\command - "" = driver\usb\usbdrive.EXE

O33 - MountPoints2\{f37d34ae-91b2-11de-b139-001bb9c31140}\Shell\AutoRun\command - "" = F:\tZgMdW.Exe -- File not found

O33 - MountPoints2\{f37d34ae-91b2-11de-b139-001bb9c31140}\Shell\Open\coMmaND - "" = F:\TZGMdw.eXe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/03/03 12:56:58 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Família\Desktop\OTL.exe

[2010/03/03 12:05:32 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Família\Desktop\mbam-setup.exe

[2010/03/03 11:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Família\Configurações locais\Dados de aplicativos\Help

[2010/03/02 19:52:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2010/03/01 08:21:45 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Multilaser

[2010/03/01 08:19:57 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\receptor

[2010/02/28 11:37:28 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cudart.dll

[2010/02/28 11:37:28 | 000,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl

[2010/02/28 11:37:02 | 005,141,755 | ---- | C] (Laurent KUTIL & Franck DELATTRE ) -- C:\Arquivos de programas\pcw2010_v193.exe

[2010/02/28 11:30:06 | 000,012,672 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys

[2010/02/28 11:30:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CPUID

[2010/02/28 11:30:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Ask.com

[2010/02/28 11:29:30 | 002,756,688 | ---- | C] ( ) -- C:\Arquivos de programas\cpuz_153_setup.exe

[2010/02/27 16:13:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Família\Recent

[2010/02/26 19:02:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Família\Meus documentos\Meus vídeos

[2010/02/24 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Família\Desktop\vivi

[2010/02/24 08:24:56 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2010/02/24 08:24:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2010/02/24 08:24:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2010/02/24 08:24:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2010/02/24 08:24:54 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll

[2010/02/24 08:24:53 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll

[2010/02/24 08:24:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll

[2010/02/24 08:24:52 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll

[2010/02/24 08:24:52 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll

[2010/02/24 08:24:51 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2010/02/24 08:24:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll

[2010/02/24 08:24:50 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll

[2010/02/24 08:24:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll

[2010/02/24 08:24:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll

[2010/02/24 08:24:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll

[2010/02/24 08:24:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll

[2010/02/24 08:24:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll

[2010/02/24 08:24:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll

[2010/02/24 08:24:47 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll

[2010/02/24 08:24:47 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll

[2010/02/24 08:24:47 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll

[2010/02/24 08:24:46 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll

[2010/02/24 08:24:46 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll

[2010/02/24 08:24:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll

[2010/02/24 08:24:45 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll

[2010/02/24 08:24:44 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll

[2010/02/24 08:24:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll

[2010/02/24 08:24:44 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll

[2010/02/24 08:24:43 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll

[2010/02/24 08:24:43 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll

[2010/02/24 08:24:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll

[2010/02/24 08:24:42 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll

[2010/02/24 08:24:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll

[2010/02/24 08:24:42 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll

[2010/02/24 08:24:41 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll

[2010/02/24 08:24:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll

[2010/02/24 08:24:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll

[2010/02/24 08:24:40 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll

[2010/02/24 08:24:39 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll

[2010/02/24 08:24:39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll

[2010/02/24 08:24:39 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll

[2010/02/24 08:24:38 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll

[2010/02/24 08:24:38 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2010/02/24 08:24:37 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll

[2010/02/24 08:24:37 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll

[2010/02/24 08:24:36 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll

[2010/02/24 08:24:36 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll

[2010/02/24 08:24:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll

[2010/02/24 08:24:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll

[2010/02/24 08:24:34 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll

[2010/02/24 08:24:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2010/02/24 08:24:33 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll

[2010/02/24 08:24:33 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll

[2010/02/24 08:24:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll

[2010/02/24 08:24:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll

[2010/02/24 08:24:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll

[2010/02/24 08:09:18 | 000,299,864 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\dxwebsetup.exe

[2010/02/23 20:05:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\direct

[2010/02/23 20:02:46 | 035,113,704 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\directx_9c_redist.exe

[2010/02/23 19:06:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys

[2010/02/23 19:06:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys

[2010/02/23 19:06:02 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax

[2010/02/23 19:06:02 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax

[2010/02/23 19:06:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys

[2010/02/23 19:06:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys

[2010/02/23 19:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Família\Configurações locais\Dados de aplicativos\ArcSoft

[2010/02/23 19:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\ArcSoft

[2010/02/23 19:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Família\Dados de aplicativos\ArcSoft

[2010/02/23 19:03:38 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys

[2010/02/23 19:02:59 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ArcSoft

[2010/02/23 19:02:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\ArcSoft

[2010/02/23 18:57:52 | 000,535,040 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emBDA.sys

[2010/02/23 18:57:52 | 000,286,208 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\drivers\emOEM.sys

[2010/02/23 18:57:52 | 000,106,496 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emPRP.ax

[2010/02/23 18:57:52 | 000,065,536 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\emMON.exe

[2010/02/23 18:57:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\USB_video_device

[2010/02/23 18:57:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\MCE_Codec

[2010/02/18 12:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Família\Desktop\FADEPE

[2010/02/15 21:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Família\Desktop\Nova pasta

[2009/12/22 06:01:21 | 001,084,528 | ---- | C] (Piriform Ltd) -- C:\Arquivos de programas\ccsetup226_slim.exe

[2009/11/28 18:22:21 | 003,484,928 | ---- | C] (Foxit Software) -- C:\Arquivos de programas\FoxitPDFEditor21_enu_Setup.exe

[2009/11/03 09:11:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/11/03 09:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2009/11/03 09:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/10/22 04:21:56 | 065,210,464 | ---- | C] (AVG Technologies) -- C:\Arquivos de programas\avg_free_stf_pb_85_364a1545.exe

[2009/08/18 15:56:30 | 018,118,056 | ---- | C] (Intel Corporation) -- C:\Arquivos de programas\winxp_14324.exe

[2009/08/18 08:23:32 | 020,453,522 | ---- | C] ( ) -- C:\Arquivos de programas\25781_klite_mega_codec_pack_505.exe

[2009/08/18 02:50:38 | 022,074,000 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\MSNOIE8_PTBR_XP.EXE

[2009/08/17 13:33:04 | 025,811,528 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\wmp11-windowsxp-x86-pt-br.exe

[2009/08/15 20:18:22 | 009,880,664 | ---- | C] (Lavalys, Inc. ) -- C:\Arquivos de programas\everestultimate502.exe

[2009/08/15 18:17:56 | 024,893,616 | ---- | C] ( ) -- C:\Arquivos de programas\AdbeRdr910_pt_BR.exe

[2009/08/15 15:14:44 | 031,603,056 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\LifeCam3.0.exe

[2009/08/14 22:52:02 | 001,151,320 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\wlsetup-custom.exe

[2009/08/14 22:28:58 | 001,153,872 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\wlsetup-web.exe

[2004/07/09 04:08:36 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\dxsetup.exe

[2004/07/09 04:08:34 | 002,242,560 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\dsetup32.dll

[2004/07/09 03:03:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\DSETUP.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/03/03 13:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/03/03 12:57:19 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Família\Desktop\OTL.exe

[2010/03/03 12:07:07 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/03 12:05:32 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Família\Desktop\mbam-setup.exe

[2010/03/03 12:02:28 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\Família\Desktop\Microsoft Office Word 2003.lnk

[2010/03/03 11:56:57 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2010/03/03 11:53:22 | 000,000,141 | ---- | M] () -- C:\WINDOWS\reg.xml

[2010/03/03 11:52:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/03 11:52:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/03 11:51:44 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Família\NTUSER.DAT

[2010/03/03 11:51:44 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Família\ntuser.ini

[2010/03/03 07:38:45 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{47A33645-9DC7-4B99-A68C-047DEA26E811}.job

[2010/03/02 06:15:49 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/03/01 18:53:31 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010/03/01 15:54:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Família\Meus documentos\frases.doc

[2010/03/01 08:18:03 | 110,478,619 | ---- | M] () -- C:\Arquivos de programas\receptor_digital_USB.zip

[2010/02/28 11:37:28 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Família\Desktop\PC Wizard 2010.lnk

[2010/02/28 11:37:09 | 005,141,755 | ---- | M] (Laurent KUTIL & Franck DELATTRE ) -- C:\Arquivos de programas\pcw2010_v193.exe

[2010/02/28 11:29:33 | 002,756,688 | ---- | M] ( ) -- C:\Arquivos de programas\cpuz_153_setup.exe

[2010/02/26 17:11:48 | 001,068,336 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/02/26 17:11:48 | 000,476,232 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010/02/26 17:11:48 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/02/26 17:11:48 | 000,081,204 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010/02/26 17:11:48 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/02/24 18:06:46 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Família\Meus documentos\Aula Processamento Auditivo.doc

[2010/02/24 08:09:27 | 000,299,864 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\dxwebsetup.exe

[2010/02/23 20:03:02 | 035,113,704 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\directx_9c_redist.exe

[2010/02/23 19:03:30 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TMMonitor.lnk

[2010/02/23 19:03:30 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia 3.5.lnk

[2010/02/23 18:57:49 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\NewShortcut1.lnk

[2010/02/23 02:25:25 | 057,144,743 | ---- | M] () -- C:\Documents and Settings\Família\Desktop\nerdcast_195_historia_da_internet.mp3

[2010/02/22 11:45:15 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Família\Desktop\SUMÁRIO teste.doc

[2010/02/19 03:15:41 | 052,181,118 | ---- | M] () -- C:\Documents and Settings\Família\Desktop\nerdcast_196_rpg_mestre.mp3

[2010/02/18 02:12:11 | 043,631,734 | ---- | M] () -- C:\Documents and Settings\Família\Desktop\nerdcast_197_sobrenatural.mp3

[2010/02/15 21:07:43 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Família\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2010/02/04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2010/02/04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2010/02/04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/03/03 12:07:07 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/01 08:17:53 | 110,478,619 | ---- | C] () -- C:\Arquivos de programas\receptor_digital_USB.zip

[2010/02/28 15:09:53 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Família\Meus documentos\frases.doc

[2010/02/28 11:37:28 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll

[2010/02/28 11:37:28 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Família\Desktop\PC Wizard 2010.lnk

[2010/02/28 11:30:03 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/02/24 18:06:46 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Família\Meus documentos\Aula Processamento Auditivo.doc

[2010/02/23 19:06:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2010/02/23 19:06:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll

[2010/02/23 19:06:02 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax

[2010/02/23 19:06:02 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax

[2010/02/23 19:06:02 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax

[2010/02/23 19:06:02 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax

[2010/02/23 19:03:30 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TMMonitor.lnk

[2010/02/23 19:03:30 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia 3.5.lnk

[2010/02/23 18:57:52 | 000,016,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\merlinC.rom

[2010/02/23 18:57:49 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\NewShortcut1.lnk

[2010/02/22 11:41:00 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Família\Desktop\SUMÁRIO teste.doc

[2010/02/17 20:08:59 | 052,181,118 | ---- | C] () -- C:\Documents and Settings\Família\Desktop\nerdcast_196_rpg_mestre.mp3

[2010/02/17 20:07:34 | 057,144,743 | ---- | C] () -- C:\Documents and Settings\Família\Desktop\nerdcast_195_historia_da_internet.mp3

[2010/02/17 20:05:59 | 043,631,734 | ---- | C] () -- C:\Documents and Settings\Família\Desktop\nerdcast_197_sobrenatural.mp3

[2009/12/27 16:54:24 | 000,139,392 | ---- | C] () -- C:\Arquivos de programas\kmp.exe

[2009/12/21 19:35:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Packet.dll

[2009/09/15 20:05:26 | 000,042,496 | ---- | C] () -- C:\Arquivos de programas\funnyvoice.exe

[2009/09/09 06:08:10 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/08/27 13:06:03 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009/08/25 08:19:15 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/08/24 13:59:22 | 129,623,944 | ---- | C] () -- C:\Arquivos de programas\Nero-7.0.8.2_ptg_no_yt.exe

[2009/08/24 11:58:39 | 002,501,864 | ---- | C] () -- C:\Arquivos de programas\BitTorrent-6.2.exe

[2009/08/19 10:05:45 | 003,342,809 | ---- | C] () -- C:\Arquivos de programas\eMule0.49c-Installer.exe

[2009/08/18 15:56:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/08/18 08:24:14 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/08/18 08:24:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/08/18 08:24:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/08/18 08:24:11 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/08/18 08:24:11 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/08/18 08:24:09 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/08/18 08:24:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/08/17 10:59:20 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Família\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/17 10:41:33 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/08/17 08:51:30 | 022,315,066 | ---- | C] () -- C:\Arquivos de programas\IDT_62nm.zip

[2009/08/16 18:44:04 | 000,931,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2009/08/15 22:40:36 | 023,190,736 | ---- | C] () -- C:\Arquivos de programas\Second_Life_1-23-4-123908_Setup.exe

[2009/08/15 22:06:38 | 000,020,948 | ---- | C] () -- C:\Arquivos de programas\92XXM8-8.INI

[2009/08/15 22:06:38 | 000,001,928 | ---- | C] () -- C:\Arquivos de programas\ReadMe.txt

[2009/08/15 22:06:38 | 000,000,079 | ---- | C] () -- C:\Arquivos de programas\www.x-drivers.ru.url

[2009/08/15 22:05:30 | 008,225,651 | ---- | C] () -- C:\Arquivos de programas\www.x-drivers.ru_sigmatel_stac92xx.zip

[2009/08/15 21:28:31 | 001,399,555 | ---- | C] () -- C:\Arquivos de programas\wrar390b5br.exe

[2009/08/15 17:35:06 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2009/08/15 17:00:08 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini

[2009/08/15 01:46:58 | 006,598,232 | ---- | C] () -- C:\Arquivos de programas\Juice22Setup.exe

[2009/08/15 01:38:07 | 001,094,021 | ---- | C] () -- C:\Arquivos de programas\dvdshrink32setup.zip

[2009/08/15 00:19:45 | 033,961,728 | ---- | C] () -- C:\Arquivos de programas\avira_antivir_personal_en.exe

[2005/09/29 16:42:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\linstall.dll

[2005/06/10 10:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll

[2005/06/10 10:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll

[2004/07/22 10:51:34 | 003,432,656 | ---- | C] () -- C:\Arquivos de programas\ManagedDX.CAB

[2004/07/19 22:58:36 | 001,156,363 | ---- | C] () -- C:\Arquivos de programas\BDANT.cab

[2004/07/19 22:53:26 | 000,976,020 | ---- | C] () -- C:\Arquivos de programas\BDAXP.cab

[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/07/09 14:17:16 | 013,265,040 | ---- | C] () -- C:\Arquivos de programas\dxnt.cab

[2004/07/09 09:13:48 | 015,493,481 | ---- | C] () -- C:\Arquivos de programas\DirectX.cab

[2004/07/09 09:13:46 | 000,703,080 | ---- | C] () -- C:\Arquivos de programas\BDA.cab

[2004/05/13 20:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll

[2004/03/18 17:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2003/02/03 18:12:00 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

 

========== LOP Check ==========

 

[2010/03/03 12:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2009/12/13 00:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Família\Dados de aplicativos\AnvSoft

[2009/12/14 03:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Família\Dados de aplicativos\BitTorrent

[2009/08/15 01:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Família\Dados de aplicativos\iPodder

[2010/03/03 11:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Família\Dados de aplicativos\Lightcomm

[2009/08/24 20:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Família\Dados de aplicativos\SecondLife

[2009/08/15 01:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famφlia\Dados de aplicativos\iPodder

[2010/03/03 13:01:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2010/03/03 07:38:45 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{47A33645-9DC7-4B99-A68C-047DEA26E811}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2

< End of report >

---------

OTL Extras logfile created on: 3/3/2010 13:01:30 - Run 1

OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Família\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1.015,00 Mb Total Physical Memory | 393,00 Mb Available Physical Memory | 39,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 67,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,00 Gb Total Space | 113,45 Gb Free Space | 76,14% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VIVIANE-EEC02E3

Current User Name: Família

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft LifeCam\LifeEnC2.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft LifeCam\LifeTray.exe" = C:\Arquivos de programas\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)

"C:\Arquivos de programas\SecondLife\SLVoice.exe" = C:\Arquivos de programas\SecondLife\SLVoice.exe:*:Disabled:SLVoice -- ()

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\BitTorrent\bittorrent.exe" = C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)

"C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic - Homecinema -- (mpc-hc@Sourceforge)

"C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver

"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3BC21F9D-8857-4282-3421-A1A07C451046}" = Nero 7 Demo

"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

"{498B4BF1-AD73-4AA8-99EB-18D400E42482}" = Novo Dicionário Aurélio

"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{6283826F-59A2-11D9-BB04-000AE6BE6EE7}" = On-line Help Console

"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7FF90D04-A60F-42A0-8F78-88623F99DCAC}" = Multilaser RE00105ML

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager

"{AC76BA86-7AD7-1046-7B44-A92000000001}" = Adobe Reader 9.2 - Português

"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}" = BR

"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager

"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Ad-Remover" = Ad-Remover By C_XX

"Any Video Converter_is1" = Any Video Converter 3.0.1

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"Clean Virus MSN_is1" = Clean Virus MSN

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1" = PCI SoftV92 Modem

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1

"DVD Shrink_is1" = DVD Shrink 3.2

"eMule" = eMule

"ESET Online Scanner" = ESET Online Scanner v3

"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.30

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30

"Foxit PDF Editor" = Foxit PDF Editor

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver

"Juice" = Juice 2.2

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Oi Velox Check Up_is1" = Oi Velox Check Up 1.0

"PC Wizard 2010_is1" = PC Wizard 2010.1.93

"pppoe_is1" = Conexão Oi Velox

"Programador de Modem_is1" = LightModem 3.0

"RASPPPOE" = PPP over Ethernet Protocol 0.98

"SecondLife" = SecondLife (remove only)

"Spyware Doctor" = Spyware Doctor 6.0

"WIC" = Windows Imaging Component

"WinAVI Video Converter_is1" = WinAVI Video Converter

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1715567821-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 1/3/2010 08:35:38 | Computer Name = VIVIANE-EEC02E3 | Source = Microsoft Office 11 | ID = 2001

Description =

 

Error - 1/3/2010 09:30:14 | Computer Name = VIVIANE-EEC02E3 | Source = Windows Live Messenger | ID = 1000

Description =

 

Error - 1/3/2010 13:49:30 | Computer Name = VIVIANE-EEC02E3 | Source = ESENT | ID = 490

Description = svchost (928) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\edb.log"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 1/3/2010 14:29:02 | Computer Name = VIVIANE-EEC02E3 | Source = Microsoft Office 11 | ID = 2001

Description =

 

Error - 1/3/2010 14:48:19 | Computer Name = VIVIANE-EEC02E3 | Source = ESENT | ID = 490

Description = svchost (928) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\edb.log"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 1/3/2010 16:40:36 | Computer Name = VIVIANE-EEC02E3 | Source = ESENT | ID = 490

Description = svchost (932) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\edb.log"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 2/3/2010 04:59:23 | Computer Name = VIVIANE-EEC02E3 | Source = Microsoft Office 11 | ID = 2001

Description =

 

Error - 2/3/2010 10:57:54 | Computer Name = VIVIANE-EEC02E3 | Source = ESENT | ID = 490

Description = svchost (932) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\edb.log"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 2/3/2010 17:01:10 | Computer Name = VIVIANE-EEC02E3 | Source = ESENT | ID = 490

Description = svchost (944) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\edb.log"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 3/3/2010 08:31:03 | Computer Name = VIVIANE-EEC02E3 | Source = Windows Live Messenger | ID = 1000

Description =

 

[ System Events ]

Error - 3/3/2010 10:47:16 | Computer Name = VIVIANE-EEC02E3 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: NCPro

 

Error - 3/3/2010 10:47:20 | Computer Name = VIVIANE-EEC02E3 | Source = ipnathlp | ID = 31012

Description = O agente proxy DNS encontrou um erro ao obter a lista local de servidores

de resolução de nomes. Talvez alguns servidores DNS ou WINS estejam inacessíveis

a clientes na rede local. Os dados são o código de erro.

 

Error - 3/3/2010 10:47:22 | Computer Name = VIVIANE-EEC02E3 | Source = ipnathlp | ID = 31012

Description = O agente proxy DNS encontrou um erro ao obter a lista local de servidores

de resolução de nomes. Talvez alguns servidores DNS ou WINS estejam inacessíveis

a clientes na rede local. Os dados são o código de erro.

 

Error - 3/3/2010 10:47:23 | Computer Name = VIVIANE-EEC02E3 | Source = ipnathlp | ID = 31012

Description = O agente proxy DNS encontrou um erro ao obter a lista local de servidores

de resolução de nomes. Talvez alguns servidores DNS ou WINS estejam inacessíveis

a clientes na rede local. Os dados são o código de erro.

 

Error - 3/3/2010 10:52:38 | Computer Name = VIVIANE-EEC02E3 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Context Manager Process Extension

devido ao seguinte erro: %%2

 

Error - 3/3/2010 10:52:50 | Computer Name = VIVIANE-EEC02E3 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: NCPro

 

Error - 3/3/2010 10:52:55 | Computer Name = VIVIANE-EEC02E3 | Source = ipnathlp | ID = 31012

Description = O agente proxy DNS encontrou um erro ao obter a lista local de servidores

de resolução de nomes. Talvez alguns servidores DNS ou WINS estejam inacessíveis

a clientes na rede local. Os dados são o código de erro.

 

Error - 3/3/2010 10:52:59 | Computer Name = VIVIANE-EEC02E3 | Source = ipnathlp | ID = 31012

Description = O agente proxy DNS encontrou um erro ao obter a lista local de servidores

de resolução de nomes. Talvez alguns servidores DNS ou WINS estejam inacessíveis

a clientes na rede local. Os dados são o código de erro.

 

Error - 3/3/2010 10:52:59 | Computer Name = VIVIANE-EEC02E3 | Source = ipnathlp | ID = 31012

Description = O agente proxy DNS encontrou um erro ao obter a lista local de servidores

de resolução de nomes. Talvez alguns servidores DNS ou WINS estejam inacessíveis

a clientes na rede local. Os dados são o código de erro.

 

Error - 3/3/2010 10:56:57 | Computer Name = VIVIANE-EEC02E3 | Source = ipnathlp | ID = 31012

Description = O agente proxy DNS encontrou um erro ao obter a lista local de servidores

de resolução de nomes. Talvez alguns servidores DNS ou WINS estejam inacessíveis

a clientes na rede local. Os dados são o código de erro.

 

 

< End of report >

---------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:05:44, on 3/3/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Família\Desktop\OTL.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\notepad.exe

C:\hijackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NewShortcut1.lnk = ?

O4 - Global Startup: TMMonitor.lnk = C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250299882803

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D1663BE5-5C66-4342-9B97-4068B7C7E988}: NameServer = 200.165.132.155 200.149.55.142

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\system32\cmpe.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 7577 bytes

 

 

 

I await your reply!

Thank you, Viviane

 

Download Malwarebytes from one of the locations below:

Link 1

Link 2

-- Save the program to your Desktop

• Double-click the program to run it.

• Update the Malwarebytes program.

• Choose the Full Scan (be patient, it takes a while)

• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.

• When the scan is complete, click Ok, then Show Results to see the log.

• Remember that, if anything is detected, click the remove button to remove it. (Important).

• The program's log will open automatically for you.

• Post it in your next reply together with a new HijackThis log.

P.S.: On heavily infected computers, the tool shows an option saying that the computer must be restarted. Please do so immediately.

• Download: OTL.exe

• Save it to the desktop!

OTLI-scan.png

• According to the image, change the option under "Output" to "Minimal Output".

• Double-click OTL.exe --> Check the "Scan All Users" option.

• Check the boxes:

-- [] LOP check and [] Purity check

• Click: runscanbutton.png and wait.

• Post:

1) OTL.txt <-- <3>

2) Extra.txt <--


• Run OTL.exe.

• Copy the information in the Quote into the tool's clipboard field. ( Custom Scans/Fixes )

 

:files

C:\Arquivos de programas\Ask.com

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

 

OTL:

O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\S-1-5-21-1715567821-2025429265-682003330-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\NewShortcut1.lnk = C:\Arquivos de programas\USB_video_device\Utility\RemoteTool\BDARemote.exe File not found

O33 - MountPoints2\{10dc206e-d880-11de-b485-001bb9c31140}\Shell\AutoRun\command - "" = F:\2nuk.com -- File not found

O33 - MountPoints2\{10dc206e-d880-11de-b485-001bb9c31140}\Shell\open\Command - "" = F:\2nuk.com -- File not found

O33 - MountPoints2\{d73cb8dc-d6bd-11de-b46f-001bb9c31140}\Shell\AutoRun\command - "" = driver\usb\usbdrive.EXE

O33 - MountPoints2\{d73cb8dc-d6bd-11de-b46f-001bb9c31140}\Shell\open\command - "" = driver\usb\usbdrive.EXE

O33 - MountPoints2\{f37d34ae-91b2-11de-b139-001bb9c31140}\Shell\AutoRun\command - "" = F:\tZgMdW.Exe -- File not found

O33 - MountPoints2\{f37d34ae-91b2-11de-b139-001bb9c31140}\Shell\Open\coMmaND - "" = F:\TZGMdw.eXe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

:Commands

[resethosts]

[purity]

[emptytemp]

[Reboot]

 

• Click the Run Fix button --> Wait for it to finish!

• When done, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!


Files\Folders moved on Reboot...

C:\Documents and Settings\Família\Configurações locais\Temp\A9R24E0.tmp moved successfully.

C:\Documents and Settings\Família\Configurações locais\Temp\~DF1145.tmp moved successfully.

C:\Documents and Settings\Família\Configurações locais\Temp\~DFAAAE.tmp moved successfully.

C:\Documents and Settings\Família\Configurações locais\Temp\~DFC36F.tmp moved successfully.

C:\Documents and Settings\Família\Configurações locais\Temp\~DFCFBE.tmp moved successfully.

C:\Documents and Settings\Família\Configurações locais\Temp\~DFE6C6.tmp moved successfully.

C:\Documents and Settings\Família\Configurações locais\Temp\~DFFEE5.tmp moved successfully.

 

Registry entries deleted on Reboot...

 

 

 

 

 


ToolBar S&D: http://eric.71.mespages.googlepages.com/ToolBarSD.exe

• Save it to Local Disk C, in its own folder.

• Restart the computer in Safe Mode. <-- Important!

• Run the program, then press "p" --> Enter --> Ok.

• Type two! ( 2 ) --> Press Enter --> Wait!

• When done, post the report. ( C:\ToolBar SD\TB_1.txt )


Nothing changed; I still have the same problems, and one more has appeared: the page now keeps refreshing every moment.

I did it in Safe Mode.

 

 

-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft ® Windows Script Host Versão 5.6

Copyright © 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2140 @ 1.60GHz )

BIOS : Default System BIOS

USER : Administrador ( Administrator )

BOOT : Fail-safe boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

C:\ (Local Disk) - NTFS - Total:149 Go (Free:114 Go)

D:\ (USB)

E:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( qui 04/03/2010|18:57 )

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

"Search bar"="http://search.msn.com/spbasic.htm"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

 

1 - "C:\ToolBar SD\TB_1.txt" - qui 04/03/2010|18:59 - Option : [2]

 

-----------\\ Verificação completa em 18:59:47,39

 

 

 

 


############################## | UsbFix V6.098 |

 

User : Família (Administradores) # VIVIANE-EEC02E3

Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 14:03:29 | 5/3/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

Intel® Pentium® Dual CPU E2140 @ 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

 

C:\ -> Disco fixo local # 149 Go (114,4 Go free) # NTFS

D:\ -> Disco removível

E:\ -> Disco CD-ROM

F:\ -> Disco removível # 3,84 Go (116,37 Mo free) [VIVIANE] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Recycler\S-1-5-21-1715567821-2025429265-682003330-1003

Supprimido ! F:\Quarantine\S-53-6-28-3434476501-1644491937-600003330-1213\dllview.exe

Supprimido ! F:\Quarantine\S-53-6-28-3434476501-1644491937-600003330-1213\Desktop.ini

Supprimido ! F:\Quarantine\S-53-6-28-3434476501-1644491937-600003330-1213

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

Supprimido ! HKCU\...\Explorer\MountPoints2\{10dc206e-d880-11de-b485-001bb9c31140}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{d73cb8dc-d6bd-11de-b46f-001bb9c31140}\Shell\AutoRun\Command

Supprimido ! HKCU\...\Explorer\MountPoints2\{f37d34ae-91b2-11de-b139-001bb9c31140}\Shell\AutoRun\Command

 

################## | Listing |

 

[20/12/2009 21:04|--a------|4620] C:\Ad-Report-CLEAN[1].log

[20/12/2009 11:30|--a------|4674] C:\Ad-Report-SCAN[1].log

[20/12/2009 20:59|--a------|4716] C:\Ad-Report-SCAN[2].log

[14/08/2009 21:54|--a------|0] C:\AUTOEXEC.BAT

[14/08/2009 21:48|---hs----|211] C:\boot.ini

[28/10/2001 12:06|-rahs----|4952] C:\Bootfont.bin

[14/08/2009 21:54|--a------|0] C:\CONFIG.SYS

[03/11/2009 07:54|--a------|87296] C:\deleteupdatefiles.exe

[11/09/2009 04:57|--a------|921624] C:\img2-001.raw

[14/08/2009 21:54|-rahs----|0] C:\IO.SYS

[14/08/2009 21:54|-rahs----|0] C:\MSDOS.SYS

[03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM

[03/08/2004 22:59|-rahs----|251168] C:\ntldr

[?|?|?] C:\pagefile.sys

[04/03/2010 18:59|--a------|1569] C:\TB.txt

[05/03/2010 14:11|--a------|2288] C:\UsbFix.txt

[01/03/2010 12:22|--a------|97048510] F:\LST604.by.www.Baixartv.com.rmvb

 

################## | Vaccinação |

 

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# F:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

 

################## | Upload |

 

Favor enviar o arquivo : C:\UsbFix_Upload_Me_VIVIANE-EEC02E3.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

 

################## | ! Fim do relatório # UsbFix V6.098 ! |

 

 

 

Download UsbFix following this tutorial

http://forum.imasters.com.br/index.php?/topic/314662-tutorial-usbfix/


Go to this site:

http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1261360413531

Click Clipboard01-1.jpg

Follow the scanner's configuration instructions as shown in the image below.

kosjn0.gif

Post the scan log right here in the topic


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, March 6, 2010

Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, March 05, 2010 20:12:08

Records in database: 3701187

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

 

Scan statistics:

Objects scanned: 91494

Threats found: 1

Infected objects found: 3

Suspicious objects found: 0

Scan duration: 02:52:18

 

 

File name / Threat / Threats count

C:\Arquivos de programas\Oi Velox\Conexão\PPPOE098.EXE Infected: Trojan.Win32.Vilsel.tym 1

C:\Arquivos de programas\Oi Velox\Manager\PPPOE098.EXE Infected: Trojan.Win32.Vilsel.tym 1

C:\Arquivos de programas\Oi Velox\Manager\setup.exe Infected: Trojan.Win32.Vilsel.tym 1

 

Selected area has been scanned.

 

 


Your log is clean; the viruses found by Kaspersky are false positives.

• Open OTL.exe --> Click CleanUp.jpg -> Wait.

• At the prompt, click OK --> Restart the computer!


I did everything that was requested, but so far my PC still has the same problems.

1. Search result windows opening by themselves;

2. Outlook startup wizard windows opening by themselves

(I noticed that these two always start whenever I type a password, whether for Twitter, MSN, etc.)

3. and now the page keeps refreshing all the time. So to write this message I had to go to Word and paste it in, because otherwise the page would have refreshed before I finished writing it and I would have had to write everything again.

What should I do?

:(

 


Post a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:56:45, on 7/3/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\ARQUIV~1\MICROS~4\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\hijackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NewShortcut1.lnk = ?

O4 - Global Startup: TMMonitor.lnk = C:\Arquivos de programas\ArcSoft\TotalMedia 3.5\TMMonitor.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250299882803

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D1663BE5-5C66-4342-9B97-4068B7C7E988}: NameServer = 200.165.132.155 200.149.55.142

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\system32\cmpe.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 9241 bytes

 

 

 

Post a new HijackThis log.


Download ComboFix from one of these locations:

 

Link 1.

Link 2.

Link 3.

 

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

 

Make sure you have saved ComboFix.exe to your desktop.

• Disable your antivirus and antispyware applications, usually via a right click on the system tray icon. They may interfere with the running of the tool.

• Double-click ComboFix.exe and follow the prompts.

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

RcAuto1.gif

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

Click Yes to continue scanning for malware.

When finished, it should produce a log for you. Post the ComboFix report, which will be at C:\ComboFix.txt, together with a HijackThis log.


ComboFix 10-03-06.08 - Família 07/03/2010 13:10:02.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.509 [GMT -3:00]

Executando de: c:\documents and settings\Família\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\TMMonitor.lnk

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\VB6KO.DLL

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-07 to 2010-03-07 ))))))))))))))))))))))))))))

.

 

2010-03-05 22:59 . 2010-03-05 22:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-03-05 22:56 . 2010-03-05 22:56 -------- d-----w- c:\windows\Sun

2010-03-05 22:56 . 2010-03-05 22:58 -------- d-----w- c:\arquivos de programas\Google

2010-03-05 22:54 . 2010-03-05 22:54 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-05 22:54 . 2010-03-05 22:54 -------- d-----w- c:\arquivos de programas\Java

2010-03-05 17:11 . 2010-03-05 17:11 1823 ----a-w- C:\UsbFix_Upload_Me_VIVIANE-EEC02E3.zip

2010-03-05 16:54 . 2010-03-05 17:15 -------- d-----w- C:\UsbFix

2010-03-04 21:56 . 2010-03-04 21:59 -------- d-----w- C:\ToolBar SD

2010-03-04 21:56 . 2010-03-04 21:56 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-03-04 21:42 . 2010-03-04 21:43 -------- d-----w- C:\tool

2010-03-04 02:58 . 2010-03-04 02:58 -------- d-----w- c:\windows\system32\LogFiles

2010-03-01 11:21 . 2010-03-01 11:21 -------- d-----w- c:\arquivos de programas\Multilaser

2010-03-01 11:19 . 2010-03-01 11:20 -------- d-----w- c:\arquivos de programas\receptor

2010-03-01 11:17 . 2010-03-01 11:18 110478619 ----a-w- c:\arquivos de programas\receptor_digital_USB.zip

2010-02-28 14:37 . 2009-10-06 21:32 327168 ----a-w- c:\windows\system32\cutil32.dll

2010-02-28 14:37 . 2009-08-03 23:25 285696 ----a-w- c:\windows\system32\cudart.dll

2010-02-28 14:37 . 2010-02-28 14:37 5141755 ----a-w- c:\arquivos de programas\pcw2010_v193.exe

2010-02-28 14:30 . 2010-02-28 14:37 -------- d-----w- c:\arquivos de programas\CPUID

2010-02-28 14:30 . 2009-03-27 04:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2010-02-28 14:29 . 2010-02-28 14:29 2756688 ----a-w- c:\arquivos de programas\cpuz_153_setup.exe

2010-02-24 11:09 . 2010-02-24 11:09 299864 ----a-w- c:\arquivos de programas\dxwebsetup.exe

2010-02-23 23:05 . 2010-02-23 23:07 -------- d-----w- c:\arquivos de programas\direct

2010-02-23 23:02 . 2010-02-23 23:03 35113704 ----a-w- c:\arquivos de programas\directx_9c_redist.exe

2010-02-23 22:06 . 2004-08-04 02:10 15360 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2010-02-23 22:06 . 2004-08-04 02:10 15360 ----a-w- c:\windows\system32\drivers\MPE.sys

2010-02-23 22:06 . 2004-08-04 03:45 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll

2010-02-23 22:06 . 2004-08-04 03:45 363520 ----a-w- c:\windows\system32\PsisDecd.dll

2010-02-23 22:06 . 2004-08-04 02:10 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2010-02-23 22:06 . 2004-08-04 02:10 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys

2010-02-23 22:03 . 2010-02-23 22:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ArcSoft

2010-02-23 22:03 . 2006-11-10 18:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2010-02-23 22:02 . 2010-02-23 22:02 -------- d-----w- c:\arquivos de programas\ArcSoft

2010-02-23 22:02 . 2010-02-23 22:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\ArcSoft

2010-02-23 21:57 . 2008-05-14 22:32 535040 ----a-w- c:\windows\system32\drivers\emBDA.sys

2010-02-23 21:57 . 2008-05-14 22:32 286208 ----a-w- c:\windows\system32\drivers\emOEM.sys

2010-02-23 21:57 . 2007-11-07 21:07 65536 ----a-w- c:\windows\emMON.exe

2010-02-23 21:57 . 2010-02-23 21:57 -------- d-----w- c:\windows\MCE_Codec

2010-02-23 21:57 . 2010-02-23 21:57 -------- d-----w- c:\arquivos de programas\USB_video_device

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-07 16:24 . 2009-12-21 13:14 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-03-05 10:43 . 2009-12-21 13:14 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-03-03 21:23 . 2009-09-09 09:08 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-03-03 15:07 . 2009-12-20 12:09 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-03-01 11:21 . 2009-08-15 20:33 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-27 16:14 . 2009-08-15 23:18 -------- d-----w- c:\arquivos de programas\Lavalys

2010-02-26 20:11 . 2001-10-28 15:07 81204 ----a-w- c:\windows\system32\perfc016.dat

2010-02-26 20:11 . 2001-10-28 15:07 476232 ----a-w- c:\windows\system32\perfh016.dat

2010-02-19 22:28 . 2009-08-15 04:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-02-16 21:34 . 2009-08-15 20:33 -------- d-----w- c:\arquivos de programas\On-line Help Console

2010-02-04 13:01 . 2010-02-24 11:24 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-02-04 13:01 . 2010-02-24 11:24 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-02-04 13:01 . 2010-02-24 11:24 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-02-04 13:01 . 2010-02-24 11:24 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2010-01-20 18:35 . 2009-08-18 10:53 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-01-07 19:07 . 2009-12-20 12:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 19:07 . 2009-12-20 12:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-31 16:14 . 2004-08-04 02:14 352640 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-27 19:54 . 2009-12-27 19:54 139392 ----a-w- c:\arquivos de programas\kmp.exe

2009-12-22 09:01 . 2009-12-22 09:01 1084528 ----a-w- c:\arquivos de programas\ccsetup226_slim.exe

2009-12-21 19:08 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-20 12:48 . 2009-12-20 12:48 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-17 07:59 . 2009-08-15 00:50 345600 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:36 . 2004-08-04 03:45 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-09 10:27 . 2004-08-04 03:40 2140160 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-12-09 10:26 . 2004-08-04 00:40 2019840 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-12-07 23:52 . 2009-08-15 03:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-28 21:22 . 2009-11-28 21:22 3484928 ----a-w- c:\arquivos de programas\FoxitPDFEditor21_enu_Setup.exe

2009-09-16 11:37 . 2009-08-15 01:28 1153872 ----a-w- c:\arquivos de programas\wlsetup-web.exe

2009-09-15 23:05 . 2009-09-15 23:05 42496 ----a-w- c:\arquivos de programas\funnyvoice.exe

2009-08-24 14:59 . 2009-08-24 14:58 2501864 ----a-w- c:\arquivos de programas\BitTorrent-6.2.exe

2009-08-19 13:05 . 2009-08-19 13:05 3342809 ----a-w- c:\arquivos de programas\eMule0.49c-Installer.exe

2009-08-18 18:56 . 2009-08-18 18:56 18118056 ----a-w- c:\arquivos de programas\winxp_14324.exe

2009-08-18 11:23 . 2009-08-18 11:23 20453522 ----a-w- c:\arquivos de programas\25781_klite_mega_codec_pack_505.exe

2009-08-18 06:00 . 2009-08-18 05:50 22074000 ----a-w- c:\arquivos de programas\MSNOIE8_PTBR_XP.EXE

2009-08-17 16:33 . 2009-08-17 16:33 25811528 ----a-w- c:\arquivos de programas\wmp11-windowsxp-x86-pt-br.exe

2009-08-17 11:51 . 2009-08-17 11:51 22315066 ----a-w- c:\arquivos de programas\IDT_62nm.zip

2009-08-16 01:40 . 2009-08-16 01:40 23190736 ----a-w- c:\arquivos de programas\Second_Life_1-23-4-123908_Setup.exe

2009-08-16 01:05 . 2009-08-16 01:05 8225651 ----a-w- c:\arquivos de programas\www.x-drivers.ru_sigmatel_stac92xx.zip

2009-08-16 00:28 . 2009-08-16 00:28 1399555 ----a-w- c:\arquivos de programas\wrar390b5br.exe

2009-08-15 23:18 . 2009-08-15 23:18 9880664 ----a-w- c:\arquivos de programas\everestultimate502.exe

2009-08-15 21:18 . 2009-08-15 21:17 24893616 ----a-w- c:\arquivos de programas\AdbeRdr910_pt_BR.exe

2009-08-15 18:15 . 2009-08-15 18:14 31603056 ----a-w- c:\arquivos de programas\LifeCam3.0.exe

2009-08-15 04:47 . 2009-08-15 04:46 6598232 ----a-w- c:\arquivos de programas\Juice22Setup.exe

2009-08-15 04:38 . 2009-08-15 04:38 1094021 ----a-w- c:\arquivos de programas\dvdshrink32setup.zip

2009-08-15 03:26 . 2009-08-15 03:19 33961728 ----a-w- c:\arquivos de programas\avira_antivir_personal_en.exe

2009-08-15 01:52 . 2009-08-15 01:52 1151320 ----a-w- c:\arquivos de programas\wlsetup-custom.exe

2009-06-09 17:56 . 2009-10-22 07:21 65210464 ----a-w- c:\arquivos de programas\avg_free_stf_pb_85_364a1545.exe

2008-10-22 13:35 . 2009-08-16 01:06 1928 ----a-w- c:\arquivos de programas\ReadMe.txt

2008-02-15 01:37 . 2009-08-16 01:06 20948 ----a-w- c:\arquivos de programas\92XXM8-8.INI

2007-05-21 19:20 . 2009-08-16 01:06 79 ----a-w- c:\arquivos de programas\www.x-drivers.ru.url

2006-03-29 12:44 . 2009-08-24 16:59 129623944 ----a-w- c:\arquivos de programas\Nero-7.0.8.2_ptg_no_yt.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 ----a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 ----a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-05 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]

"SysTrayApp"="c:\arquivos de programas\IDT\WDM\sttray.exe" [2008-03-25 442433]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"ISTray"="c:\arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-01-16 72192]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^NCProTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\NCProTray.lnk

backup=c:\windows\pss\NCProTray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 15:08 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 07:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\desp2k]

2006-08-03 19:05 65536 ----a-w- c:\arquivos de programas\Oi Velox\Manager\desp2k.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-08-11 19:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 19:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2009-07-24 18:05 118640 ------w- c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Arquivos de programas\\SecondLife\\SLVoice.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"c:\\Arquivos de programas\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21/12/2009 10:14 130936]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [3/11/2009 09:15 108289]

R2 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [21/12/2009 10:14 348752]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/6/2002 00:09 31232]

S2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe --> c:\windows\system32\cmpe.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [5/3/2010 19:58 135664]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - mchInjDrv

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-05 22:58]

 

2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-05 22:58]

 

2010-03-07 c:\windows\Tasks\User_Feed_Synchronization-{47A33645-9DC7-4B99-A68C-047DEA26E811}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-07 13:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw *]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3348)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\STacSV.exe

c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe

c:\windows\system32\igfxsrvc.exe

c:\arquivos de programas\Spyware Doctor\pctsSvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-03-07 13:27:29 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-07 16:27

 

Pré-execução: 16 pasta(s) 122.649.202.688 bytes disponíveis

Pós execução: 20 pasta(s) 123.060.826.112 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - C6B98AECC0A03C71FECFC6A98D3724BB

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:33:17, on 7/3/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\STacSV.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hijackthis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NewShortcut1.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250299882803

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D1663BE5-5C66-4342-9B97-4068B7C7E988}: NameServer = 200.165.132.155 200.149.55.142

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\system32\cmpe.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 8246 bytes

 

 

Download ComboFix from one of these locations:

 

Link 1.

Link 2.

Link 3.

 

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

It is intended by its creator to be used under the guidance and supervision of a specialist, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

 

Make sure you have saved ComboFix.exe to your desktop.

 

• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.

 

• Double-click ComboFix.exe and follow the instructions.

 

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given the nature of today's malware infections, it is strongly recommended to have it pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode, which will make it easier for us to help you should your computer have a problem after a malware removal attempt.

 

• Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

 

RcAuto1.gif

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

Click Yes to continue the malware scan.

 

When it finishes, it should produce a log for you. Post the ComboFix report, which will be in C:\ComboFix.txt, along with a HijackThis log.


Your log is clean, nothing strange in it. In other words, your problem is not related to malware.

 

Have a good day.


I'm relieved on the one hand, but lost on the other...

Where do I post my problem?

:(

 

Your log is clean, nothing strange in it. In other words, your problem is not related to malware.

 

Have a good day.

